Presentation is loading. Please wait.

Presentation is loading. Please wait.

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.

Published bySimon Claypool Modified over 9 years ago

Similar presentations

Presentation on theme: "Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009."— Presentation transcript:

1 Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009

2 Updates  Propose to change the Classic AP  Improved wording  RobotReady™  Accommodate GFD.125  Better CRL handling  Realistic re-keying  See also http://www.eugridpma.org/guidelines/ IGTF-AP-classis-difference-4-1-to-4-2.pdf [sic] 2 2009 APGridPMA meeting - Classic Profile Changes v4.2

3 Identity vetting rules  Updates to better reflect existence of robot certificates  And put down the (formerly implicit) documentation expectation on identity 3 2009 APGridPMA meeting - Classic Profile Changes v4.2

4 Wording improvements on CA/RA  New wording to accommodate CP/CPS-es with a secure but novel method for securing CA-RA communications  Updates on the rekeying and renewal section  Better wording and expression of intent 4 2009 APGridPMA meeting - Classic Profile Changes v4.2

5 The CA issuing system  Improved wording on issuing system 5 2009 APGridPMA meeting - Classic Profile Changes v4.2

6 Certificate Profile – GFD.125 cleanup  Cleanup after accepting GFD.125 6 2009 APGridPMA meeting - Classic Profile Changes v4.2

7 Certificate Profile - OIDs  New text makes it explicit that the OID of the profile MUST be included in the certificates issued under this profile  Also, add relevant 1SCP OID This will enable relying parties to make judgements based on the OIDs … and will get us out of the chicken-and-egg mess 7 2009 APGridPMA meeting - Classic Profile Changes v4.2

8 Revocation  Accommodate on-line CAs that can auto-reissue a CRL frequently, and make up for too-short CRLs 8 2009 APGridPMA meeting - Classic Profile Changes v4.2

9 Subscriber due diligence  Improved wording 9 2009 APGridPMA meeting - Classic Profile Changes v4.2

10 Implementation  EUGridPMA has standing guidelines to implement changes in the profile within 6 mo  Can you live with them?  We’re still short of the associated 1SCPs  Entity descriptions (person, robot, host/service)  Private key protection other than secure token  Robot Certificate profile set 10 2009 APGridPMA meeting - Classic Profile Changes v4.2

11

Download ppt "Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009."

Similar presentations

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.
Robots Jens Jensen, STFC RAL GridNet2/ UK e-Science CA /NGS/GridPP/

Robots Jens Jensen, STFC RAL GridNet2/ UK e-Science CA /NGS/GridPP/
Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston.

Template Profile Jens Jensen, STFC RAL GridNet2/ UK e-Science CA OGF22 Boston.
© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.

© 2007 Open Grid Forum CAOPS-WG Christos Kanellopoulos - Yoshio Tanaka Security Area coordination & outreach OGF25, Catania March 2 nd – 3 rd, 2009.
RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Status Update Stephen Kent.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.
RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.

RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.
1 ASGCCA Self-Audit Report APGridPMA Jinny Chien March 08 2008.

1 ASGCCA Self-Audit Report APGridPMA Jinny Chien March
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam 2005-10-17 Milan Sova CESNET.

NRENs supporting Grids using current Grid technology TERENA NREN-GRID Workshop Amsterdam Milan Sova CESNET.
Updates from the EUGridPMA David Groep, Apr 8 nd, 2008.

Updates from the EUGridPMA David Groep, Apr 8 nd, 2008.
On Robots J Jensen STFC Rutherford Appleton Lab OGF 20, Manchester, May 2007.

On Robots J Jensen STFC Rutherford Appleton Lab OGF 20, Manchester, May 2007.
LiveAP Towards Differentiated Identity Assurance David Groep, Nikhef supported by the Netherlands e-Infrastructure SURFsara, and EGI.eu O-E-15 and EGI-InSPIRE.

LiveAP Towards Differentiated Identity Assurance David Groep, Nikhef supported by the Netherlands e-Infrastructure SURFsara, and EGI.eu O-E-15 and EGI-InSPIRE.
National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.

National Institute of Advanced Industrial Science and Technology Self-audit report of AIST GRID CA Yoshio Tanaka Information.
+1 (801) 877-2100 Standards for Registration Practices Statements IGTF Considerations.

+1 (801) Standards for Registration Practices Statements IGTF Considerations.
Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Nov 7 nd, 2008.

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Nov 7 nd, 2008.

Similar presentations

Ads by Google